(Objective-C) Get the Server Certificate, Certificate Chain, and Root CA Certificate

Demonstrates how to get the HTTP server certificate, its certificate chain, and the root CA certificate.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoHttp.h>
#import <CkoCert.h>
#import <CkoCertChain.h>

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoHttp *http = [[CkoHttp alloc] init];

// We're getting the SSL/TLS certificate, so make sure to connect to the SSL/TLS port (443).
CkoCert *sslCert = [http GetServerSslCert: @"nationalgeographic.com" port: [NSNumber numberWithInt: 443]];
if (http.LastMethodSuccess == NO) {
    NSLog(@"%@",http.LastErrorText);
    return;
}

// Note: Prior to v9.5.0.50, this method would fail if the certificate chain could not 
// be completed to the root.  Starting in v9.5.0.50, the incomplete certificate chain 
// will be returned.  The certificate chain's ReachesRoot property can be examined to 
// see if the chain was completed to the root.
CkoCertChain *certChain = [sslCert GetCertChain];
if (sslCert.LastMethodSuccess == NO) {
    NSLog(@"%@",sslCert.LastErrorText);

    return;
}

int i = 0;
int numCerts = [certChain.NumCerts intValue];
while (i < numCerts) {
    CkoCert *cert = [certChain GetCert: [NSNumber numberWithInt: i]];
    NSLog(@"%@%d%@%@",@"SubjectDN ",i,@": ",cert.SubjectDN);
    NSLog(@"%@%d%@%@",@"IssuerDN ",i,@": ",cert.IssuerDN);

    i = i + 1;
}

// If the certificate chain reaches the root CA cert, then the last cert in the chain
// is the root CA cert.
if (certChain.ReachesRoot == YES) {
    CkoCert *caCert = [certChain GetCert: [NSNumber numberWithInt: (numCerts - 1)]];
    NSLog(@"%@%@",@"CA Root Cert: ",caCert.SubjectDN);

}